First Malware ‘Thanatos Ransomware’ Demands Ransom in Bitcoin Cash

A new ransomware strain named Thanatos Ransomware accepts ransom payments in Bitcoin Cash. However, it contains a decryption bug that makes it virtually impossible for victims to recover their encrypted files even after paying the ransom. According to the latest research report published by a reputed online security firm, once Thanatos Ransomware infects a targeted Windows computer, it generates a key for each encrypted file. Those keys are never saved anywhere. As a result, restoring the encrypted files is nearly impossible.

The cyber extortionists behind Thanatos Ransomware threaten victims by stating that the encrypted files can only be decrypted with the decryption tool they provide. In practice, the tool that claims to decode the encrypted files will not recover them. Cyber security experts therefore strongly advise victims not to pay the ransom, because the threat actors behind Thanatos Ransomware cannot be trusted. Even after paying the ransom demanded by the operators of this ransomware, the compromised Windows users were left empty-handed.

According to the malware researchers, Thanatos Ransomware is the first ransom-demanding virus that accepts ransom payments in Bitcoin Cash. The good news is that it may be possible to brute-force the encryption key for each encrypted file. The encryption method of this ransomware is a complete mess and introduces nothing new to the world of malicious software. Bitcoin Cash is a new cryptocurrency that was spun off from Bitcoin. This is the first time that criminal hackers are accepting Bitcoin Cash; in this case, the operators of Thanatos Ransomware also accept Ethereum as ransom payment.

Technically speaking, after encrypting the targeted file types stored on the victim’s system, Thanatos Ransomware appends the ‘.THANATOS’ extension to each encrypted file name. Once file encryption has completed, the malware connects the affected device to a specific URL, ‘iplogger[.]com/1t3i37’, to keep track of the number of infected systems. Furthermore, Thanatos Ransomware creates an autorun key reported as ‘Microsoft Update System Web-Helper’, which opens the ransom note named ‘README.txt’. The note opens every time the affected user logs in to the system.
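The indicators described above can be checked together during triage. The following is an added example, not code from the research report: it looks for the ‘.THANATOS’ extension, the reported autorun value name and the tracking URL. The function names, the autorun export format of (name, command) pairs, the commands and the proxy log lines are assumptions constructed for illustration.

```python
import os
import tempfile

# Indicators as reported in the article; the URL stays defanged in source.
ENC_EXT = ".thanatos"
AUTORUN_NAME = "microsoft update system web-helper"
NOTE_NAME = "readme.txt"
BEACON = "iplogger[.]com/1t3i37".replace("[.]", ".")

def find_encrypted(root):
    """Paths under root carrying the .THANATOS extension (case-insensitive)."""
    return sorted(os.path.join(d, f) for d, _, files in os.walk(root)
                  for f in files if f.lower().endswith(ENC_EXT))

def check_autoruns(entries):
    """entries: (value_name, command) pairs exported from the autorun keys.
    Flags the reported value name and notes whether it launches README.txt."""
    return [(n, NOTE_NAME in c.lower()) for n, c in entries
            if n.strip().lower() == AUTORUN_NAME]

def check_proxy_log(lines):
    """Log lines that reference the tracking URL, defanged or not."""
    return [l for l in lines if BEACON in l.replace("[.]", ".").lower()]

def triage(root, autoruns, proxy_lines):
    report = {"encrypted_files": find_encrypted(root),
              "autoruns": check_autoruns(autoruns),
              "beacons": check_proxy_log(proxy_lines)}
    report["suspect"] = any(report.values())
    return report

def demo():
    """Run triage over constructed sample data (not real telemetry)."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("report.docx.THANATOS", "photo.jpg.thanatos", "notes.txt"):
            open(os.path.join(root, name), "w").close()
        autoruns = [  # constructed entries; the commands are assumptions
            ("OneDrive", r"C:\Example\OneDrive.exe /background"),
            ("Microsoft Update System Web-Helper", r"notepad.exe C:\Example\README.txt"),
        ]
        proxy = ["2018-01-01T10:00:00 10.0.0.5 GET http://example.com/ 200",
                 "2018-01-01T10:00:07 10.0.0.5 GET http://" + BEACON + " 200"]
        report = triage(root, autoruns, proxy)
        report["encrypted_files"] = [os.path.basename(p) for p in report["encrypted_files"]]
        return report

if __name__ == "__main__":
    print(demo())
```

A hit on any one of the three indicators marks the host as suspect; the file extension alone is enough to start isolating the machine and preserving the encrypted files for a later recovery attempt.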

In addition, the cyber crooks behind Thanatos Ransomware demand 200 USD as ransom, to be paid to the given Bitcoin Cash, Ethereum or Bitcoin wallet address. The note also instructs victims to contact the con artists at the ‘[email protected]’ email address, quoting their victim ID, in order to receive a supposed decryption utility after the ransom payment. However, security investigators at RMT strongly advise victims of Thanatos Ransomware to refrain from paying the ransom, because recovery of the encrypted files is not guaranteed. In such circumstances, you should use a reputable anti-malware tool to remove Thanatos Ransomware and try an alternative method to restore the files encrypted by it.